My Medical Records Have Been Stolen, Can I Make A Claim?
By Jo Greenwood. Last Updated March 2024. If your medical records have been stolen can you make a data breach claim? Within this guide we shall discuss the eligibility criteria for making a personal data breach claim. This article aims to clarify that process and help you understand if you have a valid claim.
You will also learn how much you could be entitled to in compensation, as well as how you could benefit from using our No Win No Fee solicitors.
Legal Expert can offer advice and support on what to do in the event of a medical data breach. Read on to find out more, or contact our team by:
- Calling 0800 073 8804
- Emailing info@legalexpert.co.uk
- Using the live chat feature on your screen
- Or claim online using our form.
Select A Section
- My Medical Records Have Been Stolen, Can I Claim?
- How Could My Medical Records Have Been Stolen?
- Who Could You Claim Against?
- How Do I Claim For A Data Breach?
- What Can I Claim If My Medical Records Have Been Stolen?
- Medical Records Data Breach Claims With No Win No Fee Solicitors
My Medical Records Have Been Stolen, Can I Claim?
If your medical records have been stolen, it may be possible to make a data breach claim. However, this depends on whether you can prove those who were responsible for the records are liable for the breach. Personal data is defined by the UK General Data Protection Regulation (UK GDPR) as any information that may identify you. A personal data breach occurs when there is a data security issue that sees personal information unlawfully, or accidentally, altered, lost, stolen, disclosed or destroyed.
Personal data that is likely to be more sensitive, for example, data concerning your health, is given extra protection by UK GDPR. The Information Commissioner’s Office (ICO), which is an independent body that was set up to protect data rights in the UK, refers to medical records as special category data. If exposed, special category data could pose a major risk to your fundamental rights and freedoms.
The Data Protection Act (2018) (DPA) is used alongside the UK GDPR to protect how your personal information is processed.
The UK GDPR sets out principles that data controllers and data processors should follow when handling personal data. The rules make sure that data is:
- Used in a fair and transparent way
- Collected for the purpose that was specified to the data subject
- Adequate and relevant
- Accurate and updated
- Not kept for longer than necessary
- Processed securely
If the above principles are neglected, and your medical records have been stolen as a result, you could be entitled to make a data breach claim. Connect with our team of advisors for more information.
How Could My Medical Records Have Been Stolen?
Your medical records could have been stolen if a computer containing this information is infected with a virus or other malware. Malware attacks may happen if computers are not protected with anti-malware software, or the software is out-of-date and may not detect newer threats. Medical records appeal to hackers because they contain sensitive data, which cybercriminals may use to financially coerce you.
Your medical records may have been stolen as a result of computers, tablets or USB sticks containing your records being physically taken or stolen from a hospital or GP surgery.
If you want to make a personal data breach claim for stolen medical records you will need to show how those who had the records in their possession failed in keeping them safe. You will also need to demonstrate how you suffered because of this personal data breach.
Who Could You Claim Against?
Whenever you visit a medical facility, for example, a hospital, GP surgery or dental practice, staff are likely to have access to your medical records. Those who have access to your medical records and could potentially leave your data vulnerable to be stolen include:
- General Practitioners
- Dentists
- Opticians
- Private Practitioners
- Psychiatrists
- Hospitals
- Pharmacies
- Specialist consultants
- Physiotherapist
If your medical records have been stolen due to the fault of other parties, and this has resulted in a personal data breach, you may be able to claim. Use the live chat feature to speak to our advisors for more information. They are available to talk to 24/7.
How Do I Claim For A Data Breach?
Before claiming compensation, you should make sure that you have sufficient evidence. The onus will be on you to prove liability for the personal data breach. You will also need to demonstrate that the personal data breach has led to you suffering financially or mentally or both.
If you are informed by an organisation or individual, such as a hospital or GP, that your data has been breached, you may already have evidence to back your claim. However, if you do not receive a letter confirming the personal data but suspect this is what has happened you should consider making a complaint to the organisation or individual.
In the event that you don’t receive a satisfactory response, it may be useful to report the incident to the ICO. While they cannot provide compensation, they could start an official investigation.
It’s worth noting that you don’t have to report an incident to the ICO to make a claim. Our panel of solicitors offer expert legal advice and may support you in seeking compensation if they think your claim is valid enough.
What Can I Claim If My Medical Records Have Been Stolen?
There are two types of damages you can claim for a valid personal data breach: Material damage takes into consideration any losses relating to your possessions, such as loss of money, whilst non-material damage accounts for any psychological damages that have resulted from a data breach.
Previously, you were only able to claim for psychological damages if you had also experienced material damage. However, following the Court of Appeal case, Vidal-Hall v Google Inc 2015, it is now possible to claim for non-material damage without experiencing any material damage. Therefore, we have used figures provided by the Judicial College Guidelines in the compensation table for psychological injury.
Health Issue | Severity | Award Bracket | Comments |
---|---|---|---|
General Psychiatric Damage | Severe | £54,830 to £115,730 | Aspects of your life, including your ability to work, will be detrimentally affected. |
General Psychiatric Damage | Moderately Severe | £19,070 to £54,830 | Prognosis will be much more optimistic however you may still struggle with some aspects of your life. |
General Psychiatric Damage | Moderate | £5,860 to £19,070 | Prognosis will be good and you will have made a marked recovery. |
General Psychiatric Damage | Less Severe | £1,540 to £5,860 | Sleep may be affected as well as other daily activities. |
Post Traumatic Stress Disorder (PTSD) | Severe | £59,860 to £100,670 | Relationships in your life are likely to be affected, while you may be unable to work. |
Post Traumatic Stress Disorder (PTSD) | Moderately Severe | £23,150 to £59,860 | There could be significant disability in the future given the effects of PTSD. |
Post Traumatic Stress Disorder (PTSD) | Moderate | £8,180 to £23,150 | There will be a good recovery and any ongoing symptoms will not be too severe. |
Post Traumatic Stress Disorder (PTSD) | Less Severe | £3,950 to £8,180 | Minor symptoms may persist following two years, however a full recovery is expected to be made before then. |
For a more accurate estimate of what you could receive, speak with our team of advisors. They can advise what your potential compensation pay out may be using details of your claim.
Medical Records Data Breach Claims With No Win No Fee Solicitors
If you’re eligible to make a personal data breach claim following a medical data breach, you might wish to get help from a solicitor who has experience with this type of case. One of our solicitors may offer to represent you in your claim by offering you a type of No Win No Fee agreement known as a Conditional Fee Agreement (CFA).
Under this type of arrangement, you will not have to pay any upfront or ongoing service fees to your solicitor. Furthermore, you won’t have to pay them for the work they have done on your case if it is unsuccessful.
If your claim succeeds, you will pay a success fee to your solicitor. This fee is a legally capped percentage deducted from your compensation payout.
To find out if you could be eligible to work with one of our solicitors following a data breach of your medical records, you can contact our advisors. Our friendly team is available to help you 24 hours a day and can be reached by:
- Calling 0800 073 8804
- Using our live chat service.
- Completing our ‘claim online’ form.
Medical Data Breach Claim Resources
The following resources may come in handy when dealing with a medical data breach.
Your Data Matters – The ICO offers advice on how to take your case to court.
Personal Data Breaches – NHS guidance on what to do in the event of a data breach.
GP Ratings – Find out how the Care Quality Commission reviews GP practices.
Here are some more of our guides that may help you.
Medical Conditions Data Breach Claims – Find out how much compensation you could claim for a medical condition data breach.
GP Data Breach – Information on how a GP could breach data privacy.